Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-29800

Опубликовано: 21 сент. 2022
Источник: debian

Описание

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
networkd-dispatcherfixed2.2.3-1package

Примечания

  • https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/

  • https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/074ff68f08d64a963a13e3cfc4fb3e3fb9006dfe

  • https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/2e226ee027bdc8022f0e10470318f89f25dc6133

  • No security impact in Debian, see #1010303

Связанные уязвимости

ubuntu логотип

CVE-2022-29800

CVSS3: 4.7
ubuntu
больше 3 лет назад

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

redhat логотип

CVE-2022-29800

CVSS3: 4.7
redhat
почти 4 года назад

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

nvd логотип

CVE-2022-29800

CVSS3: 4.7
nvd
больше 3 лет назад

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.

github логотип

GHSA-37cj-9g83-7692

CVSS3: 4.7
github
больше 3 лет назад

A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.